Executive Summary:
Matt Honan of Wired magazine was hacked by Lulz for his Twitter name. First his Google account was taken over, then his Twitter account was broken into, and his AppleID was hacked and all his data was erased from his MacBook and Apple devices.
This was a social engineering hack. His Twitter account was linked to a Gmail account. After digging around some more, the hackers found the billing address and the alternate email address for Mr. Honan, which was a me.com account. This led the hackers to believe that Mr. Honan had an AppleID and thus an account with Apple. To change any information in Apple's database for a customer, one needs an email address, a billing address and the last 4 digits of a credit card number on file. To complete this stage, the hackers called Amazon about Mr. Honan's account and added a credit card number. Once you can verify one credit card number, you have access to the other credit cards that are also on file. This allowed the hackers to get complete control over Mr. Honan's digital life and erase all his personal and account information.
Analysis:
As he said in the article, if he had used Google's two-factor authentication to protect his personal data, some of the damage could have been prevented. Google could have sent him a notification text message to alert him to what was happening. He made several common mistakes that everybody should be aware of. First of all, almost all of us use the same user name and ID at different addresses. All his information was daisy-chained together: the same email name for Google and Apple. This not only sped up the hacking process, but also made it much easier for the hackers to infiltrate all his accounts.
Another thing that we should be aware of is how careless some of these companies are with personal information. Although there are laws and regulations about protecting personal information, everybody should do their own due diligence. Cloud computing is becoming a reality, not a choice, so these kinds of hacks are going to become widespread if we don't do something about it.
If Apple and Amazon had some kind of common ground about what information is used for authentication and what information is easily viewable, this problem could have been prevented. In this day and age, however, that communication is almost impossible unless it is coordinated by a governmental agency or an influential non-profit.
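The daisy chain described above can be checked mechanically by listing, for each account, which facts reset it and which facts it reveals once opened. The sketch below is an added example, not part of the original summary; the fact names and the Amazon and Google recovery rules are assumptions made for the model, and the two hardened variants show how far the chain gets when Google requires a second factor or Apple stops accepting card digits.

```python
# Added example: constructed model of the recovery chain in this summary.
# Fact names and the Amazon/Google recovery rules are assumptions.

def fallen_accounts(accounts, known):
    """Return the accounts an intruder can reset, given starting facts.

    accounts maps name -> (recovery_paths, exposes). A recovery path is a set
    of facts; holding all of them resets the account and reveals `exposes`.
    """
    known, fallen = set(known), set()
    progress = True
    while progress:                      # repeat until no new account falls
        progress = False
        for name, (paths, exposes) in accounts.items():
            if name not in fallen and any(p <= known for p in paths):
                fallen.add(name)
                known |= exposes         # new facts may unlock other accounts
                progress = True
    return fallen

def with_rule(accounts, name, paths):
    """Copy of the model with one account's recovery paths replaced."""
    changed = dict(accounts)
    changed[name] = (paths, accounts[name][1])
    return changed

BASELINE = {
    # Assumption: phone support accepts email + billing address.
    "amazon": ([{"email", "billing_address"}], {"card_last4"}),
    # From the summary: email, billing address, last 4 card digits.
    "apple": ([{"email", "billing_address", "card_last4"}], {"mailbox:me.com"}),
    # Assumption: a reset link goes to the alternate (me.com) address.
    "google": ([{"mailbox:me.com"}], {"mailbox:gmail"}),
    # From the summary: Twitter is linked to the Gmail account.
    "twitter": ([{"mailbox:gmail"}], set()),
}
PUBLIC = {"email", "billing_address"}    # facts the summary says were found

GOOGLE_2FA = with_rule(BASELINE, "google", [{"mailbox:me.com", "second_factor"}])
APPLE_OOB = with_rule(BASELINE, "apple", [{"email", "one_time_code"}])

if __name__ == "__main__":
    for label, model in [("baseline", BASELINE), ("google 2FA", GOOGLE_2FA),
                         ("apple one-time code", APPLE_OOB)]:
        print(f"{label:20} -> {sorted(fallen_accounts(model, PUBLIC))}")
```

Running the same check against your own accounts means replacing the entries with what each provider actually asks for during recovery and what it displays after login.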